[Samba] [samba] SMB encryption

Jeremy Allison jra at samba.org
Fri Jun 3 16:15:35 UTC 2016

On Fri, Jun 03, 2016 at 02:23:23PM +0200, mathias dufresne wrote:
> Hi all,
> A - I thought badlock mitigation was about encrypting SMB traffic, at least
> most part of it. And this encryption of most part of data transfer could
> (or should) lower performances.

Well it's traffic signing, not encryption. The problem is traffic
signing prevents some of the zero-copy optimizations (sendfile/recvfile)
that are otherwise possible.

> It seems I was wrong: smallest part (something like commands) are encrypted
> but not SMB traffic (ie file transfer). This for SMB protocol prior to SMB3
> (which comes with windows 8).
> B - According to what I read, new options added into smb.conf with Samba
> versions meant to solve Badlock issue are enough by default to solve the
> issue.
> Is that true?

Well the options come with the complete patch, so you
can't separate the two.

More information about the samba mailing list